Okay. So HSBC likes to state it differently: It was not willingly or knowingly done on behalf of HSBC. Just that an ex-staffer copied the list of (at least) 24,000 private banking (read: wealthy) customers to a private computer and tried to sell it. The way HSBC states it, they (the bank) was the victim in this case (http://www.hsbc.com/1/PA_1_1_S5/content/assets/investor_relations/sea/2010/sea_100311_private_bank.pdf). Hmm… And here I thought the people who’s ID is being sold to mafias and governments would be the victims…

Amusingly, the thief was trying to sell the data to governments for tax evasion purposes. Germany, it seems, is willing to pay to expose tax evaders. LOL.

At first the bank thought it was “less than 10 customers”. Then it slowly went up to 24,000 customers. Some governance… What are their security/audit teams up to (if not governance) anyway?

IRS evaders: Think your tax haven in Swiss HSBC is safe? Think again!

Quote:“The bank believes the stolen data will not allow unauthorised people to access those accounts, despite the fact that the incident could mean that some of the account holders affected could be risking prosecution by tax authorities.”
“The bank believes?” – Believes is not a word I expect my bank to use. “Validated”, “verified”, “ensured”, “put in measures” etc. are better words. Call me old fashioned: I like my banks secure, with big safes and rigourous pen registries; not flimsy, uncommitted, ungoverned entities.

But HSBC unreservedly apologized, which I assume means all is well….

BTW – HSBC has previously starred as “most prone to ID theft” in a report analyzing susceptibility to data theft among large banks. More information at: http://www.wired.com/threatlevel/2008/02/bank-of-america/